Joas Schilling
e5d0ff0c19
feat(translation): Allow guests to use translations as well
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-04-13 09:02:46 +02:00
Joas Schilling
032821d2b5
fix(translation): Use 400 as status code to be distinguishable from server errors
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-04-13 09:02:42 +02:00
Joas Schilling
b7c1e61d0b
fix(translation): Properly set the numbers as HTTP status code
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-04-13 09:02:38 +02:00
Joas Schilling
21b056ee2d
fix(translation): Translate error messages on translations API
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-04-13 08:53:15 +02:00
Côme Chilliet
5063b76c8a
Merge pull request #37495 from joshtrichards/jr-trim-pw-reset-username
...
Trim the user/email provided for password resets
2023-04-05 11:36:53 +02:00
Josh Richards
9899b12478
Trim user earlier
...
Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
2023-04-04 10:03:15 -04:00
Christopher Ng
7bc8b543be
Improve handling of profile fields
...
Signed-off-by: Christopher Ng <chrng8@gmail.com>
2023-03-30 17:11:41 -07:00
Josh Richards
203b9131ec
Trim the user/email provided for password resets
...
Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
2023-03-30 11:59:13 -04:00
jld3103
02f9c3a06f
Use implementations instead of interfaces for accessing private methods
...
Signed-off-by: jld3103 <jld3103yt@gmail.com>
2023-03-30 12:33:46 +02:00
Git'Fellow
cfd7a57184
Send header to all browsers under HTTPS
...
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
Don't send Clear-Site-Data to Safari
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
Fix lint
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
2023-03-26 15:29:01 +02:00
jld3103
79507435fa
Fix controller class import for autocomplete
...
Signed-off-by: jld3103 <jld3103yt@gmail.com>
2023-03-16 09:50:43 +01:00
Julius Härtl
a0ecc37d03
fix(translation): Allow regular users to use translation api endpoints
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2023-02-28 09:29:57 +01:00
Julius Härtl
3e63298381
feat(translations): Add translation provider API
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2023-02-27 16:52:03 +01:00
MichaIng
0d67fc23f4
Merge pull request #36634 from nextcloud/fix/client-login-flow/state-token-missing-response
...
fix(client-login-flow): Use correct response for missing state token
2023-02-27 16:34:07 +01:00
Julien Veyssier
01cefbd6d6
[reference preview] fix getting null mimetype if the cached reference lacks an image content type
...
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2023-02-22 12:39:26 +01:00
Simon L
a747be3544
Merge pull request #36443 from nextcloud/fix/23063/fix-login-log-entry
...
fix the login log entry
2023-02-15 18:13:59 +01:00
Christoph Wurst
024adc14b1
fix(client-login-flow): Use correct response for missing state token
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-02-09 14:11:28 +01:00
Joas Schilling
59578817f5
Merge pull request #36489 from nextcloud/bugfix/noid/brute-force-protection-password-reset
...
Add bruteforce protection to password reset page
2023-02-06 22:12:25 +01:00
Christoph Wurst
88d116ba84
fix(client-login-flow): Handle missing stateToken gracefully
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-02-06 09:42:15 +01:00
Joas Schilling
704eb3aa6c
Add bruteforce protection to password reset page
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-02-02 06:13:49 +01:00
Simon L
6496748971
fix the login log entry
...
Signed-off-by: Simon L <szaimen@e.mail.de>
2023-01-30 17:07:44 +01:00
Christoph Wurst
7269766e05
Merge pull request #36363 from nextcloud/feat/app-framework/usesession-attribute
...
feat(app-framework): Add UseSession attribute to replace annotation
2023-01-27 16:59:14 +01:00
Julien Veyssier
8766e4f242
handle and return touchProvider errors
...
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2023-01-27 11:10:56 +01:00
Julien Veyssier
946a1af9fd
add 'last used timestamp' management for reference providers
...
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2023-01-27 11:10:56 +01:00
Julien Veyssier
6431c5a559
extend the reference API for the new link picker
...
- add 2 interfaces for discoverable and searchable reference providers
- new OCS route to get info on discoverable/searchable reference providers
- new abstract ADiscoverableReferenceProvider that only implements jsonSerialize
- listen to RenderReferenceEvent to inject provider list with initial state
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2023-01-27 11:10:55 +01:00
Christoph Wurst
20e00cdf17
feat(app-framework): Add UseSession attribute to replace annotation
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-27 09:40:35 +01:00
Côme Chilliet
f5c361cf44
composer run cs:fix
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:45:08 +01:00
Simon L
06a572ff55
Merge pull request #27492 from cyclops8456/feature/24301-remove-can-install-on-occ-maintenance-install
...
Remove the CAN_INSTALL file when occ maintenance:install is complete
2023-01-18 19:53:02 +01:00
Christoph Wurst
20fcfb5739
feat(app framework)!: Inject services into controller methods
...
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is build regardless if used or not.
If services are injected into the method, we only build the DI tree if
that method gets executed.
This is also how Laravel allows injection.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-18 14:00:38 +01:00
Christoph Wurst
f22101d421
Fix login loop if login CSRF fails and user is not logged in
...
If CSRF fails but the user is logged in that they probably logged in in
another tab. This is fine. We can just redirect.
If CSRF fails and the user is also not logged in then something is
fishy. E.g. because Nextcloud contantly regenrates the session and the
CSRF token and the user is stuck in an endless login loop.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-18 09:39:17 +01:00
Alex Harpin
644df591b1
Rename canInstallExists method and add new method for removal
...
Rename canInstallExists to shouldRemoveCanInstallFile to cover removal of this file for non-git channels and logging any failure to remove it.
Add new method to detect if this file exists during web based installation.
Signed-off-by: Alex Harpin <development@landsofshadow.co.uk>
2023-01-10 11:59:06 +00:00
Alex Harpin
72af140723
Move CAN_INSTALL check to method and remove unlink from SetupController
...
Move the check for the CAN_INSTALL file in the config directory to a method in the Setup class and remove the call to unlink from the SetupController as this in now handled in the Setup class.
Signed-off-by: Alex Harpin <development@landsofshadow.co.uk>
2023-01-10 11:59:06 +00:00
Joas Schilling
b4a29644cc
Add a const for the max user password length
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-01-04 11:23:43 +01:00
Joas Schilling
9cfaf27142
Also limit the password length on reset
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-01-03 16:36:01 +01:00
Christoph Wurst
138deec333
chore: Make the LoginController strict
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-12-15 10:52:28 +01:00
Daniel Kesselberg
b5f6ecfb00
Fix GH-33187
...
$this->userId is null when loggedin via app password.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2022-12-12 19:12:18 +00:00
Richard Steinmetz
fc4dd3041c
Fix default redirect on successful WebAuthn login
...
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2022-12-05 12:51:53 +01:00
Simon L
23f336761e
Merge pull request #35385 from pulsejet/patch-previewtype
...
Fix type of PreviewController::$userId
2022-12-03 19:09:37 +01:00
Carl Schwan
6c76443e89
Revert unrelated change from #34940
...
Probably a left over from an experience that I added by mistake in the
change
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-12-02 11:29:38 +01:00
Varun Patil
136b2c5949
Fix type of PreviewController::$userId
...
Can be null if not logged in; currently crashes
Signed-off-by: Varun Patil <varunpatil@ucla.edu>
2022-11-24 02:33:31 -08:00
Carl Schwan
86d9626901
Add mastodon personal info field
...
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-11-21 16:28:56 +01:00
Julius Härtl
8629d8e44f
Check share attributes on preview endpoints
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-10-25 11:35:31 +02:00
Julius Härtl
11bedf1c3b
Use proper error pages instead of always redirecting
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-10-21 15:12:21 +02:00
John Molakvoæ (skjnldsv)
bd303388e3
Cleanup ie and old edge properties
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2022-10-19 10:02:51 +02:00
Côme Chilliet
71ee292650
Add rate limiting on lost password emails
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-10-18 14:49:02 +00:00
Julien Veyssier
6e03d99ab8
fix reference preview endpoint when no server-side cache configured
...
Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
2022-10-13 15:18:21 +02:00
Joas Schilling
0642d17e4f
Fix URLs on reference resolving
...
The vue-richtext app currently sends leading spaces if they are in the text.
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-09-30 09:40:43 +02:00
Julius Härtl
f4a2ab137b
Add cache header for image endpoint if link previews
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-09-28 13:21:28 +00:00
Julius Härtl
5fa7563bf9
Add endpoint to fetch a cachable reference data
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-09-26 17:44:49 +02:00
Carl Schwan
66a7a89898
Add api to load additional section in profile page
...
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-09-14 12:55:40 +02:00